-----Original Message----- From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Günther J. Niederwimmer Sent: Monday, February 23, 2015 9:30 AM To: email@example.com Subject: Re: [Freeipa-users] Centos 7 No permission to /home/..
Hello, Am Montag, 23. Februar 2015, 09:55:06 schrieb Jakub Hrozek: > On Sun, Feb 22, 2015 at 10:19:32PM +0100, Günther J. Niederwimmer wrote: > > Hello, > > > > I have installed centos 7 and a ipa-server on a other system a > > second ipa- server. > > > > But I can't create a user home directory, not on the server and not > > on a > > ipa- client with autocreate ? > > > > Have any a hint on witch place I can search for this problem ? > > > > sssd ipa-server / client .... > > > > When you like info please tell me what? > > The first step is verifying that "getent passwd $user" actually > reports the home dir you'd like it to. It's especially important to > check with users from trusted AD domains. This is working, tell me "/home/xxxx" > Do you intend to auto-create the home directories on the clients or > have them mounted from a central location? In the former case, you > should check configuration of oddjob-mkhomedir, in the latter, you > should check the automounter configuration. I tested all (?), I have configured a ntp /mount for /home, Create a /home/user directory only on the ipa-server, nothing is working I have allways permission denied ? I found a Bug report for the oddjob-mkhomedir, to change the permission from 0002 to 0077 but now, I am on the end ? But on a ipa client a can't do chown -R xxxx:ipausers to change the permission. The ipausers Group is not found on a client? Is this a sssd problem? Now I uninstall all and start again ?. ---- On my setup, group 'ipausers' is not a Posix Group and thus isn't relevant to any of the servers. If indeed oddjob_mkhomedir is creating users $HOME with 755 permissions, then you might want to have a root cron script running on the NFS server itself to set the permissions on a regular basis... ie. 0 * * * * chmod 0700 /home/* > /dev/null 2>&1 #Every hour on the hour, set /home/* to users only. Not an SSSD problem. Craig -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project